Well, if you're interested in some greater level of security where you can decrypt, you might want to check out Rijndael encryption (a type of AES). Shane Kretzmann wrote a good Rijndael PHP class that I think is still on phpclasses.

It can be a bit difficult working with binary passwords, but if you really need security, it seems like one of the better options.

I've been testing it myself, and the only issue I see is, of course, keeping the key secret. I've been looking at a few methods, but I'm always interested in others' ideas on that issue.


J. Hill

Cristian Vrabie wrote:
It's true md5 is very old, but it is not completely obsolete. Used in combination with a random salt, it is still hard to decode. Maybe I won't use it as encryption for passwords any more, but I would use it for digital signatures or data integrity checks.

Whilst reviewing my penetration testing I have noticed that both the
md5 and sha1 hashing algorithms are now considered less secure than
previously thought. Migration to sha256 is encouraged:


Then I found the comment below from:


http://md5.rednoize.com offers a service to reverse engineer md5
hashes. Very useful if you got a md5 hash and need the plain text
string of this md5 hash. The website has currently over 47 million
hashes stored. It also has support for SHA-1 hashes.

Consequently I shall be updating my authentication class.
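
The lookup-database and random-salt points raised in this thread, as an added example that is not part of the original messages: a precomputed table reverses an unsalted hash of a common password whether the algorithm is md5 or sha256, while a per-user random salt makes the stored digest miss the table. The word list and the function names are constructed for illustration.

```php
<?php
// Constructed sample data: a tiny stand-in for a public hash-lookup database.
$wordlist = ['password', 'letmein', 'qwerty', 'dragon'];

/** Build a hash => plaintext table, as a lookup service would precompute. */
function build_lookup(array $words, string $algo): array
{
    $table = [];
    foreach ($words as $w) {
        $table[hash($algo, $w)] = $w;
    }
    return $table;
}

/** Store a password as "salt:hash" with a fresh random salt per user. */
function salted_hash(string $password, string $algo): string
{
    $salt = bin2hex(random_bytes(16)); // 128-bit salt, hex encoded
    return $salt . ':' . hash($algo, $salt . $password);
}

/** Verify by recomputing with the stored salt; hash_equals compares in constant time. */
function salted_verify(string $password, string $stored, string $algo): bool
{
    [$salt, $digest] = explode(':', $stored, 2);
    return hash_equals($digest, hash($algo, $salt . $password));
}

foreach (['md5', 'sha256'] as $algo) {
    $table = build_lookup($wordlist, $algo);

    // Unsalted: the digest of a common password is a key in the table.
    $unsalted = hash($algo, 'letmein');

    // Salted: the digest depends on the random salt, so the table has no entry.
    $stored = salted_hash('letmein', $algo);
    [, $digest] = explode(':', $stored, 2);

    printf("%-6s unsalted: %s\n", $algo, $table[$unsalted] ?? 'not in table');
    printf("%-6s salted:   %s\n", $algo, $table[$digest] ?? 'not in table');
    printf("%-6s verify:   %s\n", $algo, salted_verify('letmein', $stored, $algo) ? 'ok' : 'fail');
}
```

For stored passwords, PHP's built-in `password_hash()` and `password_verify()` generate the salt themselves and use a deliberately slow algorithm.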


